Axel again, from the IE Escalation team, with another Group Policy pointer.
Recently, I was asked to assist in disabling DEP (Data Execution Prevention) for Internet Explorer. This can be done from Group. The policy will allow you to turn off the Data Execution Prevention feature that is now on by default when you install Internet Explorer 8. There are good reasons why this is turned on by default and you should read about it here before making a conscious decision to turn it off with this policy.
Please note: Please understand, that the policy should only be implemented if absolutely necessary as bypassing Memory Protection could cause serious damage to your computer and organization. WE STRONGLY SUGGEST TO FIRST REVIEW THE ARTICLE: http://blogs.msdn.com/b/ieinternals/archive/2009/10/10/understanding-data-execution-prevention-crashes-in-ie8.aspx BEFORE INPLEMENTING THE POLICY ON YOUR CONTROLED ENVIRONMENT!
Policy description: This policy setting allows you to turn off the Data Execution Prevention feature for Internet Explorer on Windows Server 2008, Windows Vista SP1 and Windows XP SP3.
If you enable this policy setting, Internet Explorer will not opt-in to Data Execution Prevention on platforms that support the SetProcessDEPPolicy API.
If you disable or do not configure this policy, Internet Explorer will use the SetProcessDEPPolicy API to turn on Data Execution Prevention protection on platforms that support the API.
This policy has no effect if Windows has been configured to enable Data Execution Prevention.
Location: Computer Configuration > Internet Explorer > Security Features > Turn off Data Execution Prevention
Screenshot of the policy:
- IE8 Security Part I: DEP/NX Memory Protection: http://blogs.msdn.com/ie/archive/2008/04/08/ie8-security-part-I_3A00_-dep-nx-memory-protection.aspx
- How do I improve my website and add-ons?: http://www.microsoft.com/windows/internet-explorer/readiness/developers-existing.aspx
The IE Support Team